Secure Coding

Secure coding is writing code with security in mind from the beginning. By not making security mistakes the code is more secure and time won't be wasted down the road having to rewrite or redesign features and functionality.

Communicating

E-Mail List

Fedora security list: For discussion about improvement of Fedora security.

Training and Articles

In addition to the Defensive Coding book the Security SIG is charged with creating training resources. Videos and smaller articles on secure development can also be created to concentrate specific topics. These resources should be stored in the secure coding git repository.

Security Status

Security Features

Fedora Security Response

The Fedora Security Response Team handles security issues within Fedora. The Red Hat security team can be reached by mailing secalert AT SPAMFREE redhat DOT com. Information regarding known public issues can be found on the Security Status page.

Endemic Security Risks

Due to the Fedora Project's use of resources not directly under our control, such as mirrors, Fedora and its users have exposure to additional endemic risks, and takes as many steps as possible mitigate these risks.

Presentations

Fedora Security Advisories

Fedora Security Tracking Bugs

To track security vulnerabilities in packages, tracking bugs are used.

List of Embedded Software

We are maintaining a list of embedded software within various packages. This will help us to quickly identify if a problem in library X can be corrected with updating library X, or if it also requires updating other packages that may contain their own private copies of library X. The embedded software list is used for this purpose.

List of SUID / SGID executables

We are maintaining a list of SUID / SGID bit equipped executables

within various packages. This will help us to quickly identify
privileged binaries. This list is preliminary planned to be prepared
for Fedora release of 14 and it will be enhanced later to include
list of privileged binaries in also in newer versions of Fedora.
The list of SUID SGID executables
is used for this purpose.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, and JBoss are trademarks or registered trademarks of
Red Hat, Inc. or its subsidiaries in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
The Fedora Project is maintained and driven by the community and sponsored by Red Hat. This is a community
maintained site. Red Hat is not responsible for content.